Allow auditor to read group contribution analytics

The auditor role should be able to view contribution analytics of a group they are not a member of, as per our docs. Changelog: fixed EE: true

Allow auditor to read group contribution analytics
The auditor role should be able to view contribution analytics of a group they are not a member of, as per our docs. Changelog: fixed EE: true
448b87a8 · Magdalena Frankiewicz · Bob Van Landuyt · b4120f95 · 448b87a8 · 448b87a8
Commit 448b87a8 authored Mar 28, 2022 by Magdalena Frankiewicz Committed by Bob Van Landuyt Mar 31, 2022
3 changed files
--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -175,6 +175,7 @@ module EE
        enable :view_productivity_analytics
        enable :view_group_devops_adoption
        enable :read_group_repository_analytics
+        enable :read_group_contribution_analytics
      end

      rule { owner | admin }.policy do

--- a/ee/spec/controllers/groups/contribution_analytics_controller_spec.rb
+++ b/ee/spec/controllers/groups/contribution_analytics_controller_spec.rb
@@ -35,20 +35,29 @@ RSpec.describe Groups::ContributionAnalyticsController do
  end

  describe '#authorize_read_contribution_analytics!' do
-    before do
-      group.add_user(guest_user, GroupMember::GUEST)
-      sign_in(guest_user)
-    end
+    let(:request) { get :show, params: { group_id: group.path } }
+
+    context 'when feature is available to the group' do
+      before do
+        stub_licensed_features(contribution_analytics: true)
+      end
+
+      context 'when user is an auditor' do
+        let(:auditor) { create(:user, :auditor) }
+
+        it 'allows access' do
+          sign_in(auditor)

-    context 'when user has access to the group' do
-      let(:request) { get :show, params: { group_id: group.path } }
+          request
+
+          expect(response).to have_gitlab_http_status(:success)
+        end
+      end

-      context 'when feature is available to the group' do
+      context 'when user has access to the group' do
        before do
-          allow(License).to receive(:feature_available?).and_call_original
-          allow(License).to receive(:feature_available?)
-            .with(:contribution_analytics)
-            .and_return(true)
+          group.add_user(guest_user, GroupMember::GUEST)
+          sign_in(guest_user)

          allow(Ability).to receive(:allowed?).and_call_original
          allow(Ability).to receive(:allowed?)

--- a/ee/spec/policies/group_policy_spec.rb
+++ b/ee/spec/policies/group_policy_spec.rb
@@ -182,6 +182,14 @@ RSpec.describe GroupPolicy do

        it { is_expected.not_to be_allowed(:read_group_contribution_analytics) }
      end
+
+      context 'when user has an auditor role' do
+        before do
+          allow(current_user).to receive(:auditor?).and_return(true)
+        end
+
+        it { is_expected.to be_allowed(:read_group_contribution_analytics) }
+      end
    end
  end